hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 21:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,527 Commits 1,687 Branches 159 Tags
codeql-cli/v2.16.0
Commit Graph

62527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
c34ad25cf9 Merge pull request #14674 from github/revert-14663-csharp/split-generated-mad-files 
Revert "C#: Split `generated/dotnet_runtime.yml` into separate files"
 2023-11-03 09:51:22 +01:00
Tom Hvitved
13e60d7b11 Revert "C#: Split generated/dotnet_runtime.yml into separate files" 2023-11-03 09:07:54 +01:00
Anders Schack-Mulligen
132cc03e3b Merge pull request #14664 from aschackmull/shared/modulus-step 
RangeAnalysis: Improve bounds that rely on relative modulus.
 2023-11-03 08:16:48 +01:00
Mathias Vorreiter Pedersen
679d64f0e8 Merge pull request #14647 from microsoft/24-odbc-model-instantiation-upstream2 
C++: Adding a model implementation for ODBC.
 2023-11-02 19:42:27 +00:00
Benjamin Rodes
30a512c96b Formatting 2023-11-02 15:01:15 -04:00
Robert Marsh
81d77bf37c Merge pull request #14578 from geoffw0/stringwith 
Swift: Models for String methods involving closures.
 2023-11-02 13:53:22 -04:00
Benjamin Rodes
947e0274c7 Adding sql injection test for ODBC. 2023-11-02 13:27:42 -04:00
shati-patel
ac0fd93cb3 Update docs for customizing settings 2023-11-02 17:17:02 +00:00
shati-patel
2f4eea5a0d Update docs for exploring ASTs 2023-11-02 17:16:47 +00:00
Benjamin Rodes
f404d7a5f8 Changes to address pr comments. 2023-11-02 13:11:23 -04:00
Mathias Vorreiter Pedersen
392b2af923 C++: Only the second indirection of the argument should be the remote flow source. 2023-11-02 16:51:24 +00:00
Mathias Vorreiter Pedersen
b82dfa9a21 C++: Fix failing test by allocating 'TFunctionInput's and 'TFunctionOutput's for more indirections. Note that we now mark two output nodes coming out of 'getaddrinfo' as a remote flow source (the first indirection and the second indirection). We'll fix that in the next commit. 2023-11-02 16:45:50 +00:00
Mathias Vorreiter Pedersen
5487b404ed C++: Add failing test. 2023-11-02 16:41:19 +00:00
Michael Nebel
0bf2d77a7e C#: Update integration tests. 2023-11-02 15:46:54 +01:00
Michael Nebel
a161d6e666 C#: Update unit tests. 2023-11-02 15:46:39 +01:00
Michael Nebel
9ea6ef06ef C#: Commented out references in project files should not be used. 2023-11-02 15:45:30 +01:00
Anders Schack-Mulligen
f2b52650d5 Rangeanalysis: Filter useless modulo results. 2023-11-02 15:29:56 +01:00
Tom Hvitved
a35bda2946 Merge pull request #14663 from hvitved/csharp/split-generated-mad-files 
C#: Split `generated/dotnet_runtime.yml` into separate files
 2023-11-02 14:36:48 +01:00
Tom Hvitved
f82f1df5d6 Merge pull request #14657 from hvitved/csharp/qualified-name 
C#: Move qualified name computation into `QualifiedName.qll`
 2023-11-02 14:36:13 +01:00
Anders Schack-Mulligen
7bf271fb6c RangeAnalysis: Improve bounds that rely on relative modulus. 2023-11-02 12:51:48 +01:00
Tom Hvitved
a9e2f55b61 C#: Split generated/dotnet_runtime.yml into separate files 2023-11-02 12:45:47 +01:00
Anders Schack-Mulligen
484d0fe4cd Merge pull request #14659 from aschackmull/shared/modulus-analysis 
Java/C++: Share modulus analysis
 2023-11-02 12:45:35 +01:00
Tom Hvitved
12d856737a Address review comments 2023-11-02 12:38:35 +01:00
Tony Torralba
8f4509f434 Merge pull request #14651 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2023-11-02 10:48:32 +01:00
Geoffrey White
431d9d58f1 Merge pull request #14639 from geoffw0/anchorquery 
Swift: New query for Missing Regular Expression Anchor
 2023-11-02 09:20:19 +00:00
Geoffrey White
242399817a Swift: Remove 'only'. 2023-11-02 08:32:36 +00:00
yoff
fd757b0089 Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-11-02 09:31:28 +01:00
Rasmus Lerchedahl Petersen
58bf70d61b Python: filter self steps from use-use flow 
Factor out use-use flow in order to do this.
Also improve names and comments.

I also wanted to change the types in `difinitionFlowStep`, but
that broke the module instantiation.
 2023-11-02 09:31:28 +01:00
Rasmus Lerchedahl Petersen
613831b2e1 Python: add test for post-update loop flow 2023-11-02 09:31:28 +01:00
Geoffrey White
c937230f1a Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-02 08:30:53 +00:00
yoff
c26c68c286 Merge pull request #14617 from yoff/python/module-for-import-time-flow 
Python: module for import time flow
 2023-11-02 09:28:51 +01:00
Anders Schack-Mulligen
7c3684dbb7 RangeAnalysis: Rename semExprModulus to exprModulus. 2023-11-02 08:19:23 +01:00
Anders Schack-Mulligen
400910e4d3 C++: Fix modulus analysis test. 2023-11-02 08:19:23 +01:00
github-actions[bot]
155073c498 Add changed framework coverage reports 2023-11-02 00:16:04 +00:00
Geoffrey White
48c3db2290 Swift: Change note. 2023-11-01 18:49:45 +00:00
Geoffrey White
206acea41c Swift: Fix defaultImplicitTaintRead for sinks that are field accesses on a subclass of the type containing the field. 2023-11-01 17:49:25 +00:00
Geoffrey White
727a7e804c Update swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.qhelp 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-01 16:32:25 +00:00
Sam Browning
37361d9f79 Merge branch 'main' of https://github.com/github/codeql 2023-11-01 11:43:33 -04:00
Anders Schack-Mulligen
f8ab64dff0 Java: Switch to shared modulus analysis. 2023-11-01 16:34:28 +01:00
Tom Hvitved
c717e346fb C#: Move qualified name computation into QualifiedName.qll 2023-11-01 16:21:55 +01:00
Anders Schack-Mulligen
ac115e0a6f Rangeanalysis: Reshuffle perf fix. This should result in the same join-order, but with less materialisation. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
bb2bbd2d4d Rangeanalysis: Remove useless pragma. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
f6794fe859 Rangeanalysis: Adjust modulo analysis comment. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
8e9aa5b560 C++: Switch to shared modulus analysis. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
a7f3ef1a6c Rangeanalysis: Parameterise shared modulus analysis. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
8e2b17cd86 Rangeanalysis: Copy C++ ModulusAnalysis file verbatim. 2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen
6d859daf3d Merge pull request #14656 from aschackmull/shared/range-utils 
Rangeanalysis: Share ssaRead predicate
 2023-11-01 15:57:52 +01:00
Mathias Vorreiter Pedersen
b54b5ae0a9 Merge pull request #14648 from MathiasVP/simplify-invalid-ptr-deref 
C++: Remove one use of range analysis in `cpp/invalid-pointer-deref`
 2023-11-01 14:42:20 +00:00
Geoffrey White
b3fa59d94b Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-11-01 13:15:06 +00:00
Tom Hvitved
3c86aad16d Merge pull request #14628 from hvitved/ruby/type-tracking-store-post-update 
Ruby: Summarized type-tracking stores should target post-update nodes
 2023-11-01 13:54:21 +01:00